that's great, but they STILL do not obfuscate email addresses on debian's bugtracker, and they've taken some heat over the years for it. i've had more than one email account flooded with spam so bad they've had to be abandoned because of that, and eventually just said 'fuck it' and i don't even bother anymore, it is just not worth it.

If not, the basic Postfix configuration documentation you link to can be effectively in profoundly reducing spam, but the "remaining 20%" is still enough to flood most moderate mail servers.

I am amused that Symantec is claiming that spam has fallen below 50% of all current email. What they're counting as spam has apparently been pre-filtered on the _outbound_ side, by ISP's blocking port 25 outbound and forcing their clients to use authentication to m

The last 20% is not trivial to eliminate and often (always in many cases) overwhelms legitimate mail. I have spent the last few weeks retraining spamassassin to gain a few more percentage points. I think I will enable autolearn and dovecot-antispam to help keep the Bayesian database current.

Bruce Schneier's work on security is well known,, and respected, by much of the computer world. I was actually discussing a presentation Bruce did at Harvard years ago on how Kerberos works with one of the authors of Kerberos at a picnic yesterday, who affirmed the quality of Bruce's presentations.